What is HTTP?
HTTP stands for hyper-text transfer protocol. It is essentially the protocol used by the client (generally your web browser such as Chrome, Edge, or Firefox) to allow communication with the server a website is hosted on. The protocol determines how your data is transported between the client and the web server. This can include anything from information about what you have clicked on when navigating around a website to bank details you enter when buying something online.
HTTP was created in the 1989 by Tim Berners-Lee when the internet was relatively new, and the focus was on presenting the information needed between the browser and the web server. However, when data is transferred via HTTP it is not encrypted meaning it can be intercepted and altered. Which brings us onto HTTPS….
What is HTTPS?
The main difference between HTTP and HTTPS is the way in which data is transferred.
HTTPS is essentially just an extended version of HTTP which has an added layer of security. This layer of security is powered by something called Transport Layered Security (TLS), a technology which ensures that the connection between your browser and the web server is encrypted. TLS also authenticates the server you are connecting to which protects any transmitted data from being tampered.
Therefore, if you are using a website to enter any information which you would not want someone to be able to intercept, such as your username/password, bank details etc. you should always check that the website is using HTTPS before moving any further.
Does my website need to use HTTPS?
If you own a business or manage a website, how important is it to switch to HTTPS if you aren’t using it already?
It you are collecting sensitive data such as payment details and passwords the answer is easy – very. However, even if you are not, it is still worth considering switching to HTTPS.
One of the main reasons (which you may have noticed yourself when browsing online) is that Google flags websites that are just using HTTP as ‘Not secure’. This can potentially worry users who are accessing your website and can build a negative first impression. This is particularly the case now that HTTPS is increasingly become the norm, which means that users are more likely to be alarmed if they come across a ‘non-secure’ website.
Additionally, in August 2014, Google also announced that it would be using HTTPS as a ranking factor in their algorithm. They said at first this would just be a lightweight signal (HTTPS as a ranking signal | Google Search Central Blog) but that this may strengthen it over time.
Finally, if you collect any data about your customers through your website (even if it is not as sensitive as their banking information), making sure your site is secure is important so that you can keep this data protected – which is particularly important given the new data protection law.